- 필수 기능
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- 디지털 경험
- 소프트웨어 제공
- 보안
- 로그 관리
- 관리
- 인프라스트럭처
- ci
- containers
- csm
- ndm
- otel_guides
- overview
- slos
- synthetics
- tests
- 워크플로
Detect an Impossible Travel event when a @userIdentity.type:
{{@userIdentity.type}}
uses an AWS IAM access key and filter out VPNs and AWS Internal IPs.
The Impossible Travel detection type’s algorithm compares the GeoIP data of the last log and the current log to determine if the IAM user with @userIdentity.session_name:
{{@userIdentity.session_name}}
traveled more than 500km at over 1,000km/hr and used an AWS IAM access key.
@userIdentity.accessKeyId:
{{@userIdentity.accessKeyId}}
for @userIdentity.session_name:
{{@userIdentity.session_name}}
should be used from {{@impossible_travel.triggering_locations.first_location.city}}, {{@impossible_travel.triggering_locations.first_location.country}}
and {{@impossible_travel.triggering_locations.second_location.city}}, {{@impossible_travel.triggering_locations.second_location.country}}
.{{@impossible_travel.triggering_locations.first_location.city}}, {{@impossible_travel.triggering_locations.first_location.country}}
and {{@impossible_travel.triggering_locations.second_location.city}}, {{@impossible_travel.triggering_locations.second_location.country}}
, then consider isolating the account and reset credentials.